Evaluation of FDIC’s Intrusion Detection and Incident Response Capability

(Report No. 04-009, February 13, 2004)

Summary

This report presents the results of a review by IBM Business Consulting Services (IBM), an independent professional services firm engaged by the Office of Inspector General (OIG) to support its efforts to satisfy reporting requirements related to the Federal Information Security Management Act of 2002.

The objective of the review was to evaluate the policies, procedures, and technical controls for the Federal Deposit Insurance Corporation’s (FDIC) computer incident response capability. The scope of the review was specifically designed to focus on (1) intrusion identification and detection, (2) incident tracking and external reporting, and (3) incident investigation.

IBM concluded that the FDIC has made improvements in the incident response area, but additional work is needed to strengthen FDIC’s controls for identifying and monitoring security incidents.

Recommendations

IBM made multiple recommendations to improve the intrusion detection and incident response capability at the FDIC.

Management Response

The FDIC’s response adequately addressed all the conditions discussed in the report.

This report addresses issues associated with information security. Accordingly, we have not made, nor do we intend to make, public release of the specific contents of the report.